1 /***************************************************************************/
#ifndef NOOS_MBEDTLS_CONFIG_H
#define NOOS_MBEDTLS_CONFIG_H

/******************************************************************************/
/***************************** User configuration *****************************/
/******************************************************************************/

/*
 * For an easy configuration of the mbedtls library only the macros in this
 * user configuration section should be modified. For a more in-depth
 * configuration see https://tls.mbed.org/ and
 * noos/libraries/mbedtls/includes/config.h
 *
 * Layout of this file: the user-facing ENABLE_* switches come first, the
 * MBEDTLS_* options derived from them follow, and the last section resolves
 * the module dependencies. The order matters: each section only tests macros
 * that were defined above it.
 */

/*
 * Debug callbacks and error-to-string support.
 * NOTE(review): MBEDTLS_DEBUG_C compiles the library's debug printing into the
 * image; at high verbosity it can log handshake internals. Confirm whether it
 * is wanted in production builds.
 */
#define MBEDTLS_DEBUG_C
#define MBEDTLS_ERROR_C

/* Latest supported version by mbedtls */
#define ENABLE_TLS1_2

/*
 * Enabled ciphersuites.
 * Ordered from most preferred to least preferred in terms of security.
 *
 * These are the ciphersuites supported by http://test.mosquitto.org
 * or the local mqtt server: https://mosquitto.org/download
 * For the moment there will be examples only for these servers but these
 * ciphersuites should work for other servers too.
 *
 * Only the AES-128-GCM suite is enabled below. The *_CBC_* suites use the
 * TLS 1.2 MAC-then-encrypt record construction; NOTE(review): nothing in this
 * file defines MBEDTLS_SSL_ENCRYPT_THEN_MAC (RFC 7366), so consider adding it
 * if one of the CBC suites is ever enabled.
 */

//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384
//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256
//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256
//#define ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA

/*
 * Elliptic curves to be used by the key exchange.
 * They are only mapped to the MBEDTLS_ECP_DP_* options when an ECDHE_RSA
 * ciphersuite is enabled (see the dependencies section below).
 */
#define ENABLE_ECP_DP_SECP256R1_ENABLED
//#define ENABLE_ECP_DP_SECP384R1_ENABLED

/*
 * Parse certificates in PEM format.
 * If not defined, only DER format can be used.
 * On ADuCM3029 DER is recommended due to memory limitations
 * (PEM parsing needs the Base64 module, see ENABLE_PEM_CERT below).
 */
#define ENABLE_PEM_CERT

/*
 * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
 * If not defined, the mbedtls default of 16 KB will be used.
 * The value below is enough to do the TLS handshake and is not too much for
 * platforms with memory constraints like ADuCM3029.
 * NOTE(review): this file does not enable max-fragment-length negotiation
 * (MBEDTLS_SSL_MAX_FRAGMENT_LENGTH), so the peer is not told about the reduced
 * limit; confirm the server's records fit before lowering it.
 */
//#define MAX_CONTENT_LEN 2500

/*
 * ENABLE_MEMORY_OPTIMIZATIONS should be defined in case memory
 * is not enough. This could happen when using a secure connection with
 * both server and client verification.
 */
#define ENABLE_MEMORY_OPTIMIZATIONS

/******************************************************************************/
/********************* Minimal tls client requirements ************************/
/******************************************************************************/

/* Minimal requirements */
/*
 * Hardware entropy is used (trng.h): the OS/platform entropy source is
 * disabled here. The TRNG is expected to be registered as the entropy source
 * by the application code, which is not visible in this file.
 */
#define MBEDTLS_NO_PLATFORM_ENTROPY
/* Needed in order to use TLS features */
#define MBEDTLS_SSL_TLS_C
/* TLS Client features */
#define MBEDTLS_SSL_CLI_C

/*
 * Define the ciphersuites offered to the server, in order of preference.
 * A suite is only usable if its requirements are met; the requirements are
 * generated below depending on the user configuration, so an entry whose
 * modules are not compiled in is simply not offered.
 */
#define MBEDTLS_SSL_CIPHERSUITES \
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

/******************************************************************************/
/*************** Configuration depending on user input ************************/
/******************************************************************************/

/* Map the user-facing fragment limit onto the mbedtls option. */
#ifdef MAX_CONTENT_LEN
#define MBEDTLS_SSL_MAX_CONTENT_LEN MAX_CONTENT_LEN
#endif

#ifdef ENABLE_TLS1_2

#define MBEDTLS_SSL_PROTO_TLS1_2

/* Key exchange enabled types */
#if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) )

/* Enable MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED if at least one of these ciphersuites is defined */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

#endif /* Ciphersuites that need MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#endif /* ENABLE_TLS1_2 */

#ifdef ENABLE_MEMORY_OPTIMIZATIONS

/* Keep the AES tables in ROM instead of building them in RAM. */
#define MBEDTLS_AES_ROM_TABLES
/* 2 is the smallest window mbedtls accepts; trades ECC speed for RAM. */
#define MBEDTLS_ECP_WINDOW_SIZE 2

#endif /* ENABLE_MEMORY_OPTIMIZATIONS */

#ifdef ENABLE_PEM_CERT

/* PEM is Base64-wrapped DER, so both modules are needed. */
#define MBEDTLS_BASE64_C
#define MBEDTLS_PEM_PARSE_C

#endif /* ENABLE_PEM_CERT */

/******************************************************************************/
/**************** Solve dependencies needed by modules ************************/
/******************************************************************************/

/*
 * Dependencies for MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:
 * RSA + bignum for the server's signature, ECDH/ECP for the ephemeral key
 * exchange, PK/ASN.1/X.509 to parse the server certificate. PKCS1_V15 is the
 * RSA signature encoding TLS 1.2 uses.
 */
#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED

#define MBEDTLS_RSA_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_OID_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* Curves are only compiled in when ECDHE is actually used. */
#ifdef ENABLE_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif
#ifdef ENABLE_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#endif

#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */

/* The generic message-digest and cipher layers are required by the TLS core. */
#ifdef MBEDTLS_SSL_TLS_C
#define MBEDTLS_MD_C
#define MBEDTLS_CIPHER_C
#endif /* MBEDTLS_SSL_TLS_C */

/*
 * Symmetric cipher and hash dependencies derived from the selected suites:
 * AES for all of them, CBC or GCM mode and SHA-1/SHA-256/SHA-512 as named in
 * each suite.
 */
#if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ||\
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) ||\
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) ||\
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) ||\
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )

# define MBEDTLS_AES_C

# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256) )
# define MBEDTLS_CIPHER_MODE_CBC
# if defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
# define MBEDTLS_SHA256_C
# endif
# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_CBC_SHA) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_CBC_SHA))
# define MBEDTLS_SHA1_C
# endif
# endif

# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
 defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
# define MBEDTLS_GCM_C
# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256))
# define MBEDTLS_SHA256_C
# endif
# if (defined(ENABLE_CHIPERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384))
# define MBEDTLS_SHA512_C
# endif
# endif

#endif

/*
 * TLS 1.2 needs at least one hash module for the PRF and the handshake
 * transcript; if no enabled suite pulled one in, fall back to SHA-256.
 */
#ifdef MBEDTLS_SSL_PROTO_TLS1_2
#if (!defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA256_C) &&\
 !defined(MBEDTLS_SHA1_C))
#define MBEDTLS_SHA256_C
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

/*
 * Check if the configuration is ok: check_config.h raises a compile-time
 * error for inconsistent option combinations, so a bad ENABLE_* mix is
 * caught at build time rather than at runtime.
 */
#include "mbedtls/check_config.h"

#endif /* NOOS_MBEDTLS_CONFIG_H */